pkg/29641: pkg-vulnerabilities postgresql entries are insufficient

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/29641: pkg-vulnerabilities postgresql entries are insufficient
From: kleink%reziprozitaet.de@localhost
Date: Wed, 9 Mar 2005 13:54:00 +0000 (UTC)

>Number:         29641
>Category:       pkg
>Synopsis:       pkg-vulnerabilities postgresql entries are insufficient
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 09 13:54:00 +0000 2005
>Originator:     Klaus Klein
>Release:        n/a
>Organization:
Frobozz Magic Buglet Company
>Environment:
n/a

>Description:
        pkg-vulnerabilities only reflects the current naming and layout
        of the various postgresql packages.  This is insufficient since
        they do not take into consideration the recent naming _changes_ to
        deal with 7.3, 7.4 and 8.0 versions.

>How-To-Repeat:
        In pkg-vulnerabilities, see:
        postgresql73-lib<7.3.9  remote-code-execution   
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245

        Have postgresql-lib-7.3.2 installed; watch audit-pkgs(1) (obviously)
        not match the above.
>Fix:
        Re-add entries predating the naming changes.

Prev by Date: Re: pkg/27011
Next by Date: Re: pkg/28388
Previous by Thread: pkg/29639: wm/icewm does not build on sparc
Next by Thread: pkg/29643: sablevm-classpath (and probably vablevm-classpath-vm) build fails
Indexes:

Home | Main Index | Thread Index | Old Index